git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a client to run an arbitrary shell command. Alternately, if an attacker can MITM an unencrypted git clone, they could exploit this. The ext command will be run if the repository is recursively cloned or if submodules are updated. This attack works when cloning both local and remote repositories.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HSquareup Git Fastclone
APPSquareup< 1.0.1
Powiązane podatności
git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute...
Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML Ex...
Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vul...
A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information d...
DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an atta...